CN107852586B - Electronic access control for application middle layer - Google Patents


Info

Publication number: CN107852586B
Authority: CN (China)
Prior art keywords: message, terminal device, electronic terminal, mobile communication, electronic
Legal status: Active (the listed status is an assumption and is not a legal conclusion)
Application number: CN201680037746.7A
Other languages: Chinese (zh)
Other versions: CN107852586A (en)
Inventors: 马塞尔·普卢斯, 皮特·普卢斯, 米夏埃尔·维特
Current Assignee: Legic Identsystems AG (the listed assignees may be inaccurate)
Original Assignee: Legic Identsystems AG


Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
            • H04W4/12 Messaging; Mailboxes; Announcements
            • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
          • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/06 Authentication
            • H04W12/08 Access security
          • H04W76/00 Connection management
            • H04W76/10 Connection setup
              • H04W76/14 Direct-mode setup
          • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
            • H04W88/02 Terminal devices
              • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user
    • G PHYSICS
      • G07 CHECKING-DEVICES
        • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
          • G07C9/00 Individual registration on entry or exit
            • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
              • G07C9/00309 Electronically operated locks (as G07C9/00174) operated with bidirectional data transmission between data carrier and locks
              • G07C9/00896 Electronically operated locks (as G07C9/00174) specially adapted for particular uses
                • G07C9/00904 Electronically operated locks (as G07C9/00174) specially adapted for particular uses for hotels, motels, office buildings or the like

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Vehicle Body Suspensions (AREA)

Abstract

For communication between a terminal device (1) and a backend system (6) assigned to the terminal device (1), the terminal device (1) receives (S0) an authorization code from a mobile communication device (2) via a direct wireless communication link (3). In response to receiving the authorization code, the terminal device (1) transmits (S3) a terminal report message to the mobile communication device (2) via the direct wireless communication link (3), the terminal report message comprising a message content part and a message addressing part. The mobile communication device (2) transmits (S6) the terminal report message in a forward message via the telecommunications network (10) to the remote message processing system (5) determined from the message addressing part. The remote message processing system (5) determines (S7) from the addressing part the backend system (6) assigned to the electronic terminal device (1) and transmits (S8) the message content part of the terminal report message to the backend system (6).

Description

Electronic access control for application middle layer
Technical Field
The invention relates to an electronic terminal device, a mobile communication device and a method for communicating between the electronic terminal device and a back-end system. In particular, the invention relates to an electronic terminal device comprising a radio communication module for bidirectional wireless data exchange with a mobile communication device via a direct wireless communication link, a mobile communication device comprising a telecommunications module for communication with a remote computer system and a radio communication module for bidirectional wireless data exchange via a direct wireless communication link, and a method of communicating between an electronic terminal device and a backend system assigned to the electronic terminal device.
Background
Electronic terminal devices included in access control systems have been used in combination with passive RFID transponders (radio frequency identifiers) for many years. The electronic terminal device comprises an RFID reader for wirelessly reading the access rights, or at least the user identifier, from the RFID transponder in order to control access to an access controlled area (e.g. a building or a room) or to an access controlled object (e.g. goods in a car or a vending machine, etc.). With the arrival of mobile radio telephones (cellular telephones) containing active RFID based communication interfaces, so-called NFC interfaces (near field communication), it became possible to use such mobile telephones as carriers of access rights instead of passive RFID transponders in the form of RFID cards, dongles, etc. The NFC interface makes it possible to tie access control to the physical presence of the mobile phone in an area (e.g. attached to or close to a door or gate) near the corresponding NFC interface of the access control device. In other words, the short communication range of the NFC interface requires that the user's mobile phone is not far from the door or gate to be accessed, so that access cannot be erroneously given to unauthorized persons based on the access rights stored on the mobile phone of the legitimate user, as long as the mobile phone is in the possession of the legitimate user. In addition to mobile radio communication modules for accessing cellular telephone networks, such as GSM (global system for mobile communications) or UMTS (universal mobile telephone system), at least some types and brands of mobile telephones contain other radio-based communication modules for establishing local or direct wireless communication links.
For example, such radio-based communication modules include WLAN (wireless local area network) and bluetooth communication interfaces, which have a much larger communication range than NFC interfaces, e.g., ten meters to one hundred meters.
FR 2981823 describes a method for authenticating an identification device with respect to an actuator device integrated in a motor vehicle for performing a starting operation of the motor vehicle. In an authentication session, the identification means is authenticated by exchanging authentication data between the identification means and the actuator means. During the authentication session, a first portion of the exchanged authentication data is communicated using bluetooth, while a second portion of the authentication data is exchanged by magnetic induction. In the actuator, two parts of the authentication data are aggregated.
US 2012/154115 describes a method for controlling access in a location tracking system. When a mobile tag enters a room, it performs a location update procedure and becomes a node linked to the location tracking system and updates its location in the room. In response to the location update, the location tracking device of the location tracking system transmits an activation signal to the access control device in the room to initiate establishment of a communication connection with the mobile tag in order to negotiate the access rights of the mobile tag. In one embodiment, the access control device may be provided with a proximity sensor that then detects the close proximity of the mobile tag before the access control device actually grants or denies access in order to negotiate access rights.
US 2014/049361 describes an electronic system including a mobile communication device that communicates with a reader device associated with an electronic lock. The mobile communication device and the reader device communicate with each other, e.g. via bluetooth, and exchange credentials, security data and location information. In one embodiment, the electronic lock may also include a close proximity capability that automatically unlocks the electronic lock when a mobile communication device with appropriate credentials is within close proximity.
Both operators and users of access control systems welcome the provision of mobile communication devices with radio-based communication modules for establishing local or direct wireless communication links with electronic terminal devices, since it is then no longer necessary to use dedicated RFID transponders in the form of RFID cards, dongles or the like. However, in order to monitor, maintain and/or update electronic terminal devices in an access control system, it is increasingly necessary to provide the electronic terminal devices with a communication module for direct communication with a remote backend system. So-called stand-alone or offline electronic terminal devices, which have no communication link to the backend system, are therefore difficult to maintain and to keep up to date with the frequent software upgrades and hardware innovations of mobile phones, particularly since consumer electronics generally have a short product life cycle.
Disclosure of Invention
It is an object of the present invention to provide an electronic terminal device, a mobile communication device, and a method of communicating between an electronic terminal device and a backend system, which do not have at least some of the disadvantages of the prior art. In particular, it is an object of the invention to provide an electronic terminal device, a mobile communication device, and a method of communicating between an electronic terminal device and a back-end system without requiring the electronic terminal device to have a communication module or a communication link for direct communication with a remote back-end system.
According to the invention, these objects are achieved by the features of the independent claims. Further advantageous embodiments arise from the dependent claims and the description.
An electronic terminal device includes: a radio communication module configured to perform a bidirectional wireless data exchange with a mobile communication device via a direct wireless communication link between the radio communication module and the mobile communication device; and a controller connected to the wireless radio communication module.
According to the invention, the above object is particularly achieved in that the controller of the electronic terminal device is configured to generate a terminal report message and to transmit said terminal report message to said mobile communication device via said direct wireless communication link. The terminal report message comprises a message content part and a message addressing part. The message addressing portion is configured to enable the mobile communication device to determine a remote message processing system from the addressing portion for forwarding the message content portion of the terminal report message to a backend system assigned to the electronic terminal device.
In one embodiment, the controller is configured to generate the terminal report message in response to an authorization code received by the radio communication module from the mobile communication device via the direct wireless communication link.
In one embodiment, the controller is configured to determine a positive or negative access grant from the authorization code and include the access grant in the message content portion of the terminal report message.
In one embodiment, the controller is further configured to monitor an operating parameter of the electronic terminal device and include the operating parameter in the message content portion of the terminal report message.
In one embodiment, the electronic terminal device comprises a battery and the controller is further configured to monitor battery charge and include the battery charge in the message content part of the terminal report message.
In one embodiment, the electronic terminal device comprises an electronic lock, and the controller is connected to the electronic lock and further configured to control the electronic lock to perform an unlocking operation, count a number of unlocking operations, and include the number of unlocking operations in the message content part of the terminal report message.
In one embodiment, the controller is configured to encrypt the message content part of the terminal report message using an encryption algorithm that requires a secret assigned to the backend system of the electronic terminal device for decryption of the message content part.
In one embodiment, the controller is configured to include addressing or identification information of the backend system in the message addressing portion of the terminal report message.
In one embodiment, the controller is configured to include addressing or identification information of a remote message center in the message addressing portion of the terminal report message.
In one embodiment, the controller is configured to include a device identifier of the electronic terminal device in the message content part of the terminal report message.
In one embodiment, the controller is configured to include text in the terminal report message.
In addition to electronic terminal devices, the present invention also relates to a mobile communication device comprising a telecommunications module configured to communicate with a remote computer system via a telecommunications network. The mobile communication device further comprises a radio communication module configured to perform a bidirectional wireless data exchange with an electronic terminal device via a direct wireless communication link between the electronic terminal device and the radio communication module. The mobile communication device further comprises a processor connected to the telecommunications module and the radio communication module. The processor is configured to: analyze a message addressing part contained in a terminal report message received from the electronic terminal device; determine from the message addressing part a remote message processing system for forwarding a message content part of the terminal report message to a backend system assigned to the electronic terminal device; and generate a forward message and transmit the forward message to the remote message processing system via the telecommunications network, the forward message containing the message content part of the terminal report message and a forward message addressing part configured to enable the remote message processing system to transmit the message content part of the terminal report message to the backend system assigned to the electronic terminal device.
In one embodiment of the mobile communication device, the processor is further configured to transmit an authorization code to the electronic terminal device via the direct wireless communication link, and to receive the terminal report message from the electronic terminal device in response to the authorization code.
In one embodiment of the mobile communication device, the processor is further configured to include identification information in the forwarded message that enables identification of a user linked to the mobile communication device.
In one embodiment of the mobile communication device, the processor is further configured to include the authorization code in the forwarded message.
In one embodiment of the mobile communication device, the processor is further configured to show a text message contained in the received message on a display of the mobile communication device.
In one embodiment of the mobile communication device, the processor is further configured to: receive a back-end response from the remote message processing system in response to transmitting the forward message to the remote message processing system; and transmit the back-end response to the electronic terminal device via the direct wireless communication link in response to the terminal report message received from the electronic terminal device.
In addition to the electronic terminal device and the mobile communication device, the invention also relates to a method of communication between an electronic terminal device and a backend system assigned to the electronic terminal device. The method comprises the following steps: generating a terminal report message in the electronic terminal device, the terminal report message comprising a message content part and a message addressing part; transmitting the terminal report message from the electronic terminal device to a mobile communication device via a direct wireless communication link between the electronic terminal device and the mobile communication device; determining, in the mobile communication device, from the message addressing part of the terminal report message, a remote message processing system for forwarding the terminal report message; generating a forward message in the mobile communication device, the forward message containing the message content part of the terminal report message and a forward message addressing part; transmitting the forward message from the mobile communication device to the remote message processing system via a telecommunications network; determining, in the remote message processing system, from the forward message addressing part, the backend system assigned to the electronic terminal device; and transmitting the message content part of the terminal report message from the remote message processing system to the backend system.
In one embodiment, the method further comprises: receiving an authorization code from the mobile communication device via the direct wireless communication link in the electronic terminal device; and generating the terminal report message in the electronic terminal device in response to the authorization code.
In one embodiment, the method further comprises: receiving, in the mobile communication device, a backend response from the remote message processing system in response to transmitting the forward message to the remote message processing system; and transmitting the backend response to the electronic terminal device via the direct wireless communication link in response to the terminal report message received from the electronic terminal device.
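The relay method above, sketched as an added example (not code from the patent or from the assignee): the mobile device and the message center act only on the addressing part, and only the backend can open the content part. Host names, identifiers, the JSON field layout and the key are constructed; the HMAC-based keystream stands in for a vetted AEAD cipher, and the integrity tag is an addition here, since the text only calls for encryption of the content part.

```python
import hashlib
import hmac
import json
import os

# Constructed values: the patent names no hosts, identifiers or key sizes.
MESSAGE_CENTER = "message-center.example"
BACKEND_ID = "backend-6"
BACKEND_SECRET = bytes(range(32))  # secret shared by terminal 1 and backend 6


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode. Stand-in for a vetted AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def subkeys(secret):
    """Derive separate encryption and MAC keys from the backend secret."""
    enc = hmac.new(secret, b"enc", hashlib.sha256).digest()
    mac = hmac.new(secret, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(secret, plaintext):
    """Encrypt-then-MAC, laid out as nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(secret)
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(secret, blob):
    """Verify the tag before decrypting; reject anything altered en route."""
    enc_key, mac_key = subkeys(secret)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("content part was modified in transit")
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def terminal_report(device_id, access_granted, battery_pct, unlock_count):
    """Terminal 1: sealed content part plus cleartext addressing part."""
    fields = {"device_id": device_id, "access_granted": access_granted,
              "battery_pct": battery_pct, "unlock_count": unlock_count}
    return {
        "addressing": {"message_center": MESSAGE_CENTER, "backend": BACKEND_ID},
        "content": seal(BACKEND_SECRET, json.dumps(fields).encode()).hex(),
    }


def mobile_forward(report, user_id):
    """Mobile device 2: reads only the addressing part; content stays opaque."""
    destination = report["addressing"]["message_center"]
    forward = {
        "forward_addressing": {"backend": report["addressing"]["backend"]},
        "user": user_id,
        "content": report["content"],
    }
    return destination, forward


def message_center_route(forward, backends):
    """Message center 5: picks the assigned backend, hands over content only."""
    backend_id = forward["forward_addressing"]["backend"]
    if backend_id not in backends:
        raise KeyError("no backend assigned for " + backend_id)
    return backends[backend_id](forward["content"])


def backend_receive(content_hex):
    """Backend 6: the only party holding the secret that opens the content."""
    return json.loads(unseal(BACKEND_SECRET, bytes.fromhex(content_hex)))


def run_relay(tamper=False):
    """Run terminal -> mobile -> message center -> backend once."""
    report = terminal_report("terminal-1", True, 87, 1234)
    destination, forward = mobile_forward(report, "user-42")
    if tamper:  # models a relay that alters one ciphertext bit
        raw = bytearray.fromhex(forward["content"])
        raw[20] ^= 0x01
        forward["content"] = raw.hex()
    received = message_center_route(forward, {BACKEND_ID: backend_receive})
    return destination, received


if __name__ == "__main__":
    print(run_relay())
```

Because the phone is an arbitrary user's device, the backend should treat everything outside the sealed content part (here the `user` field and the addressing) as unauthenticated input.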
Drawings
The invention will be explained in more detail by way of example with reference to the accompanying drawings, in which:
FIG. 1 shows a block diagram schematically illustrating an electronic terminal device communicating with an assigned backend system via a mobile communication device;
FIG. 2 shows a block diagram schematically illustrating an electronic terminal device having a radio communication module and a radio-based proximity detector;
FIG. 3 shows a block diagram schematically illustrating a data structure of a terminal report message and a forward message;
FIG. 4 shows a flow chart illustrating an exemplary sequence of steps for transmitting a terminal report message to a backend system;
FIG. 5 shows a flow chart illustrating an exemplary sequence of steps for transmitting a back-end response from the back-end system to the electronic terminal device.
Detailed Description
Fig. 1 shows a communication system comprising an electronic terminal device 1, a mobile communication device 2 and a message processing system 4. The message processing system 4 includes a message center 5 and one or more backend systems 6, 6'. Reference numeral 6' refers to a client backend system, which is arranged separately from the backend system 6 arranged with the message center 5 and remote from the backend system 6. The message center 5 and backend systems 6, 6' are implemented on one or more operable computers of the message processing system 4. Depending on the implementation and configuration, the message center 5 is configured to communicate with the backend systems 6, 6' via a communication bus, a local area network, or a telecommunications network (e.g., the internet). As further illustrated in fig. 1, the mobile communication device 2 comprises a telecommunications module 23 configured to communicate with the message center 5 via the telecommunications network 10. The telecommunication network 10 comprises a mobile radio network, such as GSM (global system for mobile communications), UMTS (universal mobile telephone system), etc. As indicated by the dashed lines in fig. 1, optionally the electronic terminal device 1 is connected to the assigned backend system 6, 6' via a communication link 60, e.g. by a wired connection or a fixed or mobile communication network. However, the stand-alone or off-line embodiment of the electronic terminal device 1 does not have a direct communication link 60 to the backend system 6, 6'. In addition, for mobile embodiments of the electronic terminal device 1, permanent availability of the direct communication link 60 to the backend system 6, 6' cannot be guaranteed, for example when they are located in areas without reception.
The mobile communication device 2 is implemented as a mobile radio telephone (i.e., a cellular telephone), a tablet or notebook computer, a computerized watch, or another mobile communication device. As schematically illustrated in fig. 1, the mobile communication device 2 comprises a radio communication module 21 and a programmable processor 22 connected thereto. The radio communication module 21 is configured to exchange data with the radio communication module 11 of the electronic terminal device 1 via the direct wireless communication link 3.
As schematically illustrated in the embodiment of fig. 2, the electronic terminal device 1 is implemented as an electronic access control device comprising an electronic/motorized lock 14 for locking and unlocking an entrance (e.g. door, gate, etc.) of an access controlled area (e.g. a building, car or room). In response to the access control signal, the electronic lock 14 drives one or more levers or bolts to lock or unlock access to the access controlled area. The electronic lock 14 and the remaining components of the electronic access control device 1 are implemented in a common housing or in separate housings. The person skilled in the art will understand that depending on the application, e.g. in order to control access to objects in the vending machine, the electronic terminal device 1 or the electronic lock 14, respectively, is configured to block or grant access, e.g. to unlock or drop objects from or into the vending machine, respectively.
In an alternative embodiment, the electronic terminal device 1 is not configured to lock and unlock an entrance, but is configured to control a user's access to: areas, objects or services where tickets are traditionally needed, such as public transportation, e.g. trains, trams, boats, ski lift, etc.; or events such as performances in theaters, movie theaters, stadiums, etc.; or an object served by a vending machine, such as a food, beverage or snack dispenser. The corresponding access rights of the user are thus represented by an authorization code comprising an electronic (password) access key, an electronic ticket and/or an electronic fund or voucher.
The electronic terminal device 1 comprises one or more electronic circuits and modules which are powered by one or more batteries or external power supplies connected to the electronic terminal device 1. As shown in fig. 2, the electronic terminal device 1 comprises a radio communication module 11, a controller 12 and an optional proximity detector 13. The controller 12 is electrically connected to the communication module 11 and the proximity detector 13.
The radio communication module 11 is configured to perform wireless data exchange with the mobile communication device 2 via a direct wireless communication link 3 between the radio communication module 11 and the mobile communication device 2. The term "direct" indicates that the wireless communication link 3 does not include intermediate components between the radio communication module 11 and the mobile communication device 2, such as routers, repeaters, gateways, wired networks, base stations, and the like. The radio communication module 11 is configured to perform wireless data exchange over short distances of several meters, in particular over distances of up to five, ten or twenty meters. In one embodiment, the radio communication module 11 comprises a Bluetooth transceiver, in particular a Bluetooth Low Energy transceiver. The radio communication module 11 is configured to operate in the frequency band of 2.4GHz to 2.485GHz using (ultra high frequency, UHF) microwaves. In an alternative embodiment, the radio communication module 11 comprises a WLAN communication module based on the IEEE 802.11 standard (e.g., operating in the 2.4GHz to 5GHz frequency band). In another embodiment, the radio communication module 11 comprises an RFID communication module operating according to ISO 18092, ISO 21481, ISO 15693 and/or ISO 14443 (e.g. at a carrier frequency of 6.78MHz, 13.56MHz or 27.12MHz (or another multiple of 13.56 MHz)) using (high frequency, HF) radio waves.
The controller 12 comprises a programmable microprocessor with computer program code, a field programmable gate array, an application specific integrated circuit, and/or another electronic circuit configured to perform various functions described in more detail later.
The optional proximity detector 13 is configured to detect the presence of the mobile communication device 2 in a defined proximity of the electronic access control device 1, in particular the presence of the mobile communication device 2 in close proximity within a distance range of up to five, ten or fifteen centimeters, which may be adjusted, for example, by setting a sensitivity parameter in the access control device 1. Depending on the embodiment, the proximity detector 13 comprises a non-radio-based proximity detector and/or a radio-based proximity detector. The non-radio-based proximity detector is configured to detect the presence of a user without using radio waves. The non-radio-based proximity detector includes one or more non-radio-based detector modules including capacitive sensors, photodetectors, motion detectors, impact detectors, and/or electromechanical switches. The radio-based proximity detector comprises a continuous wave radar system or a reader wake-up module as disclosed in patents EP 1723575 or EP 2437403 in the name of the applicant, the entire contents of which are incorporated herein by reference. The reader wake-up module is configured to detect the presence of the mobile communication device 2 by: transmitting an electromagnetic field pulse 10; detecting a return signal during the transmission of the electromagnetic field pulse 10; and using the return signal to detect the presence of the mobile communication device 2.
In the following paragraphs, a possible sequence of steps for exchanging messages between the electronic terminal device 1 and the backend system 6, 6', in particular between an independent or offline electronic terminal device 1 and the backend system 6, 6', is described with reference to fig. 4 and 5. Steps S0 to S10 relate to the transmission of the terminal report message 7 from the electronic terminal device 1 to the backend system 6, 6' assigned to the electronic terminal device 1. Steps S11 to S19 relate to transmitting a backend response message from the backend system 6, 6' to the electronic terminal device 1.
In an initial step, the electronic terminal device 1 or its proximity detector 13, respectively, detects the presence of the mobile communication device 2 in a defined (close) proximity of the electronic terminal device 1. For that purpose, the user of the mobile communication device 2 physically moves and places the mobile communication device 2 into a defined (close) proximity range of the electronic terminal device 1 or the antenna 131 of its proximity detector 13, respectively, or according to other embodiments of the proximity detector 13, the user performs other actions to indicate proximity, such as knocking on the door to activate the impact detector, performing a hand movement to activate the motion detector, touching the door handle to activate the capacitive sensor, activating an electromechanical switch, etc.
Upon detecting that the mobile communication device 2 is in a defined (close) proximity of the electronic terminal device 1 or its proximity detector 13, respectively, the controller 12 of the access control device 1 controls the radio communication module 11 to establish the direct wireless communication link 3 with the mobile communication device 2.
However, the skilled person will understand that the method of exchanging messages between the electronic terminal device 1 and the backend system 6, 6' described below does not require the optional proximity detector 13 and the detection of the mobile communication device 2 in a defined (close) proximity for setting up and establishing the direct wireless communication link 3 between the mobile communication device 2 and the electronic terminal device 1. For exchanging messages between the electronic terminal device 1 and the backend system 6, 6', a direct wireless communication link 3 may be provided between the respective radio communication modules 11, 21 without prior proximity detection by a proximity detector.
In step S0, once the direct wireless communication link 3 is set up between the mobile communication device 2 and the electronic terminal device 1 or their radio communication modules 11, 21, respectively, the mobile communication device 2 or its radio communication module 21, respectively, transmits the authorization code to the electronic terminal device 1 via the direct wireless communication link 3. In particular, the processor 22 of the mobile communication device 2 is configured to transmit an authorization code to the electronic terminal device 1. The transmission of the authorization code is triggered as soon as a direct wireless communication link 3 is set up between the mobile communication device 2 and the access control device 1 or their radio communication modules 11, 21, respectively. In one embodiment, the transmission of the authorization code is triggered by the electronic terminal device 1 transmitting an execution request to the mobile communication device 2 via the direct wireless communication link 3. The authorization code authorizes the mobile communication device 2 to operate as a communication relay between the electronic terminal device 1 and the backend system 6, 6' assigned to the electronic terminal device 1. Depending on the application and/or configuration, for example in embodiments where the electronic terminal device 1 is configured as an access control device, the authorization code further authorizes the user of the mobile communication device 2 to access the access controlled area, service or product, as described above.
In step S1, the electronic terminal device 1 or its controller 12, respectively, determines positive or negative access authorization from the authorization code. In particular, the positively verified authorization code indicates a positive authorization for exchanging messages with the backend system 6, 6' assigned to the electronic terminal device 1.
However, it will be understood by those skilled in the art that the method of exchanging messages between the electronic terminal device 1 and the backend system 6, 6 'described below does not require the transmission and checking of an authorization code in steps S0 and S1 if any suitably configured mobile communication device 2 is permitted to operate as a communication relay between the electronic terminal device 1 and the backend system 6, 6' assigned to the electronic terminal device 1.
In one embodiment, the authorization code further comprises a request code indicating a specific data request to be executed and responded to by the electronic terminal device 1.
In step S2, the electronic terminal device 1 or its controller 12, respectively, generates a terminal report message 7, when applicable, following a positive verification of the authorization code. As illustrated in fig. 3, the terminal report message comprises a message content part 72 and a message addressing part 71. The message content part 72 includes a message identifier 721 and content data 722. The message identifier 721 contains an electronic terminal device identifier 721 that unambiguously identifies the electronic terminal device 1 and a serial number generated by the electronic terminal device 1 or its controller 12, respectively. The message addressing part 71 comprises a terminal message indicator 711, a message center identifier 712 and a backend system identifier 713. The terminal message indicator 711 identifies the message type as a "terminal report message". The message center identifier 712 contains identification and/or addressing information and specifically identifies and/or addresses the message center 5 responsible for processing the terminal report message 7. The backend system identifier 713 contains identification and/or addressing information and specifically identifies and/or addresses the backend systems 6, 6' assigned to the electronic terminal device 1.
The content data 722 includes operating parameters of the electronic terminal device 1. The operating parameters include operating conditions monitored by the electronic terminal device 1 or its controller 12, respectively. Depending on the embodiment and configuration, the operating parameters include the battery level of the battery of the electronic terminal device 1, the number of unlocking operations performed by the electronic lock 14 of the electronic terminal device 1, and/or other status/condition data of the electronic terminal device 1. In one embodiment, the content data 722 further comprises a timestamp and configuration parameters of the electronic terminal device 1, such as a version number of the software and/or hardware of the electronic terminal device 1. In another embodiment, content data 722 includes a text message. In another embodiment, the content data 722 includes a positive access authorization, for example in the form of an electronic signature. In another embodiment, the content data 722 contains response data determined and provided by the electronic terminal device 1 in response to and in line with the request code contained in the received authorization code. In another embodiment, the content data 722 comprises instructions for dispatch to the backend system 6, 6' of the electronic terminal device 1, such as update requests, service requests, etc.
In step S3, the electronic terminal device 1 or its controller 12 transmits a terminal report message 7 to the mobile communication device 2 via the direct wireless communication link 3, respectively. In one embodiment, the controller 12 encrypts the message content part 72 before transmission using an encryption algorithm that requires a secret assigned to the backend system 6, 6' of the electronic terminal device 1 for decryption of the message content part.
In step S4, the mobile communication device 2 or its processor 22 extracts the message center identifier 712 from the terminal report message 7 and determines the message center 5 responsible for processing the terminal message 7, respectively.
In step S5, the mobile communication device 2 or its processor 22, respectively, generates a forwarded message 8. As illustrated in fig. 3, the forwarded message 8 includes a content portion 82 and an addressing portion 81. The content part 82 includes a message identifier 821 extracted from the terminal report message 7 and content data 822. The addressing portion 81 includes a forwarded message indicator 811 and a backend system identifier 813 extracted from the terminal report message 7. The forwarded message indicator 811 identifies the message type as "forwarded message".
In step S6, the mobile communication device 2 or its telecommunications module 23, respectively, transmits the forwarded message 8 via the telecommunications network 10 to the message center 5 identified by the message center identifier 712 extracted from the terminal report message 7. For the purpose of matching and relaying the response message, the mobile communication device 2 stores the forwarded message 8 or at least the message identifier 821, including the serial number of the originating electronic terminal device 1 and the electronic terminal device identifier. In one embodiment, the forwarded message 8 or the communication channel used to transmit the forwarded message 8 is encrypted.
In step S7, the message center 5 or one of its processors extracts the backend system identifier 813 from the forwarded message 8 and determines the backend system 6, 6' assigned to the electronic terminal device 1, respectively.
In step S8, the message center 5 or one of its processors transmits the message content 9 to the backend system 6, 6', respectively, identified by the backend system identifier 813 extracted from the forwarded message 8. Message content 9 includes a message identifier 921 and content data 922 extracted from the content portion 82 of the forwarded message 8. For the purpose of matching and relaying the response message, the message center 5 stores the forwarded message 8 or at least the message identifier 821, including the serial number of the originating electronic terminal device 1 and the electronic terminal device identifier assigned to the address of the originating mobile communication device 2.
In step S9, the backend system 6, 6' or one of its processors extracts the electronic terminal device identifier 921 from the message identifier 921, respectively, and determines the originating electronic terminal device 1 that transmitted the terminal report message 7.
In step S10, the backend system 6, 6' or one of its processors extracts and decrypts (when applicable) the content data 922 received via the mobile communication device 2 and the message center 5, respectively, from the originating electronic terminal device 1 identified by the electronic terminal device identifier contained in the message identifier 921. The backend system 6, 6' assigned to the message identifier 921 stores the (decrypted) content data 922, said message identifier 921 containing the serial number of the originating electronic terminal device 1 and the electronic terminal device identifier.
As illustrated in fig. 5, in step S11, the backend system 6, 6', or one of its processors, respectively, generates a backend response message. The backend response message contains a content portion having a message identifier and content data. The content data contains an acknowledgement that the message content 9 has been received from the electronic terminal device 1 identified by the electronic terminal device identifier. In one embodiment, the content data further comprises software updates and/or configuration parameters of the electronic terminal device 1. In another embodiment, the content data further comprises a timestamp. Depending on the embodiment or application, the content data further comprises a response or result in response to a request or instruction received in a terminal report message 7 from the electronic terminal device 1. The message identifier contains the serial number of the originating electronic terminal device 1 and the electronic terminal device identifier, as received in step S8 with the message content 9 from the message center 5. The message identifier further includes a backend system identifier of the responding backend system 6, 6' and a sequence number generated by the responding backend system 6, 6' or one of its processors, respectively. The backend response message is relayed to the originating electronic terminal device 1 via the message center 5 and the mobile communication device 2 as described below. Thus, the presence and/or availability of the communication link 60 is not required.
In step S12, a backend response message is transmitted from the backend system 6, 6' to the message center 5 as a response to the message content 9 received from the message center 5 in step S8.
In step S13, the message center 5 or one of its processors, respectively, determines the mobile communication device 2 with which the backend response message is to be relayed to the originating electronic terminal device 1. For that purpose, the message center 5 uses the message identifier of the terminal report message contained in the back-end response message to determine the address of the originating mobile communication device 2 stored in the message center 5.
In step S14, the message center 5 or one of its processors forwards the back-end response message to the mobile communication device 2 determined in step S13, respectively. In one embodiment, the forwarded message 8, the backend response message or the communication channel used for transmitting the backend response message is encrypted.
In step S15, the mobile communication device 2 or its processor 22, respectively, determines the electronic terminal device 1 to which the backend response message is to be forwarded. For that purpose, the mobile communication device 2 uses the electronic terminal device identifier of the originating electronic terminal device 1 contained in the message identifier of the backend response message.
In step S16, the mobile communication device 2 or its processor 22, respectively, checks whether the respective electronic terminal device 1 is still connected or reachable via the direct wireless communication link 3. If this is not the case, the mobile communication device 2 proceeds in step S17 by sending an error report message to the backend system 6, 6' via the message center 5, indicating that the backend response message cannot be delivered at this time. In one embodiment, the mobile communication device 2 delivers the backend response message to the electronic terminal device 1 at a later point in time, when the electronic terminal device 1 is connected to and reachable by the mobile communication device 2 (store and forward).
In step S18, the mobile communication device 2 or its processor 22 transmits a backend response message to the electronic terminal device 1 using the radio communication module 21, respectively.
In step S19, the backend response message is received by the radio communication module 11 of the electronic terminal device 1. The electronic terminal device 1 or its controller 12, respectively, processes the received backend response message. For example, the controller 12 matches the received backend response message with the corresponding terminal report message 7 by using the message identifier. If there is a match, the terminal report message 7 is considered to be acknowledged by the backend system 6, 6', e.g. in case the time delay between the terminal report message 7 and the backend response message is within a defined time threshold. Depending on the data content contained in the backend response message, other processing steps may be included, such as installing software updates contained in the data content.
It should be noted that in the description the sequence of steps has been presented in a particular order, however, it will be understood by those skilled in the art that the computer program code may be structured differently and that the order of at least some of the steps may be altered without departing from the scope of the invention.
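The following Python model is an added example, not code from the patent or the applicant. It walks steps S2 to S19 with the message parts 71/72 and 81/82 as typed records and shows the terminal matching a backend response by message identifier. The field names, sample identifiers, key and 30-second threshold are assumptions, and the HMAC tag is an assumed stand-in for the optional protection of the content part (the description only mentions encryption with a backend-held secret).

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo values; none of them come from the patent.
BACKEND_KEY = b"constructed-demo-secret"   # secret shared by terminal 1 and backend 6
ACK_THRESHOLD_S = 30.0                     # assumed "defined time threshold" of step S19

@dataclass(frozen=True)
class MessageId:                 # 721 / 821 / 921
    terminal_id: str
    serial: int

@dataclass(frozen=True)
class TerminalReport:            # terminal report message 7
    indicator: str               # 711
    message_center_id: str       # 712
    backend_id: str              # 713
    msg_id: MessageId            # 721
    content: bytes               # 722, opaque to phone and message center
    tag: bytes                   # assumption: HMAC, not part of the described format

@dataclass(frozen=True)
class ForwardedMessage:          # forwarded message 8
    indicator: str               # 811
    backend_id: str              # 813
    msg_id: MessageId            # 821
    content: bytes               # 822
    tag: bytes

@dataclass(frozen=True)
class BackendResponse:           # backend response message (S11)
    msg_id: MessageId
    backend_id: str
    content: bytes
    tag: bytes

def mac(direction: str, msg_id: MessageId, content: bytes) -> bytes:
    """Bind the content to its message identifier and to the message direction."""
    header = f"{direction}|{msg_id.terminal_id}|{msg_id.serial}|".encode()
    return hmac.new(BACKEND_KEY, header + content, hashlib.sha256).digest()

class Terminal:
    def __init__(self, terminal_id, message_center_id, backend_id):
        self.ids = (terminal_id, message_center_id, backend_id)
        self.serial = 0
        self.pending = {}        # serial -> send time of unacknowledged reports

    def make_report(self, params: dict, now: float) -> TerminalReport:     # S2
        tid, mc, be = self.ids
        self.serial += 1
        msg_id = MessageId(tid, self.serial)
        content = json.dumps(params, sort_keys=True).encode()
        self.pending[self.serial] = now
        return TerminalReport("terminal report message", mc, be, msg_id,
                              content, mac("report", msg_id, content))

    def handle_response(self, resp: BackendResponse, now: float) -> str:  # S19
        sent = self.pending.get(resp.msg_id.serial)
        if resp.msg_id.terminal_id != self.ids[0] or sent is None:
            return "unmatched"
        if not hmac.compare_digest(resp.tag, mac("response", resp.msg_id, resp.content)):
            return "bad-tag"     # pending entry is kept: a forgery clears nothing
        del self.pending[resp.msg_id.serial]   # a replayed response no longer matches
        return "acknowledged" if now - sent <= ACK_THRESHOLD_S else "late"

def phone_forward(report: TerminalReport):                                 # S4-S5
    """Relay on the phone: route by 712, copy 713 and the content part unchanged."""
    fwd = ForwardedMessage("forwarded message", report.backend_id,
                           report.msg_id, report.content, report.tag)
    return report.message_center_id, fwd

class Backend:
    def __init__(self, backend_id):
        self.backend_id = backend_id
        self.store = {}          # MessageId -> decoded content data (S10)

    def receive(self, msg_id, content, tag):                               # S9-S11
        if not hmac.compare_digest(tag, mac("report", msg_id, content)):
            return None          # modified in transit: nothing stored, no acknowledgement
        self.store[msg_id] = json.loads(content)
        ack = b"ack"
        return BackendResponse(msg_id, self.backend_id, ack, mac("response", msg_id, ack))

class MessageCenter:
    def __init__(self, backends):
        self.backends = backends  # backend identifier -> Backend
        self.origin = {}          # MessageId -> address of the originating phone

    def relay(self, fwd: ForwardedMessage, phone_addr: str):
        backend = self.backends.get(fwd.backend_id)                        # S7
        if backend is None:
            return None
        self.origin[fwd.msg_id] = phone_addr                               # kept for S13
        resp = backend.receive(fwd.msg_id, fwd.content, fwd.tag)           # S8, S12
        return (self.origin[resp.msg_id], resp) if resp else None         # S13-S14
```

Because the phone and the message center only copy the content part, a change made on either hop is caught at the backend, and a forged or replayed response is rejected at the terminal without clearing the pending report.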

Claims (18)

1. An electronic terminal device (1), the electronic terminal device comprising: a radio communication module (11) configured to perform a bidirectional wireless data exchange with a mobile communication device (2) via a direct wireless communication link (3) between the radio communication module (11) and the mobile communication device (2); and a controller (12) connected to the wireless radio communication module (11),
wherein the controller (12) is configured to generate a terminal report message (7) and to transmit the terminal report message (7) to the mobile communication device (2) via the direct wireless communication link (3), the terminal report message (7) comprising a message content part (72) and a message addressing part (71), the message addressing part (71) comprising an information center identifier (712) determining a message center (5) of a remote message processing system (5) responsible for processing terminal messages (7) and causing the mobile communication device (2) to use the addressing part (71) for forwarding the message content part of the terminal report message (7) over a mobile radio network to a backend system (6, 6') assigned to the electronic terminal device (1).
2. The electronic terminal device (1) according to claim 1, wherein the controller (12) is configured to generate the terminal report message (7) in response to an authorization code received by the radio communication module (11) from the mobile communication device (2) via the direct wireless communication link (3).
3. The electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is further configured to monitor an operating parameter of the electronic terminal device (1) and to include the operating parameter in the message content part (72) of the terminal report message (7).
4. The electronic terminal device (1) according to claim 1 or 2, wherein the electronic terminal device (1) comprises a battery and the controller (12) is further configured to monitor a battery level and to include the battery level in the message content part (72) of the terminal report message (7).
5. The electronic terminal device (1) according to claim 1 or 2, wherein the electronic terminal device (1) comprises an electronic lock (14) and the controller (12) is connected to the electronic lock (14) and further configured to control the electronic lock (14) to perform an unlocking operation, to count a number of unlocking operations, and to include the number of unlocking operations in the message content part (72) of the terminal report message (7).
6. Electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is configured to encrypt the message content part (72) of the terminal report message (7) using an encryption algorithm that requires, for decryption, a secret assigned to the backend system (6, 6') of the electronic terminal device (1).
7. Electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is configured to include addressing or identification information of the backend system (6, 6') in the message addressing part (71) of the terminal report message (7).
8. Electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is configured to include addressing or identification information of a remote message center (5) in the message addressing part (71) of the terminal report message (7).
9. The electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is configured to include a device identifier of the electronic terminal device (1) in the message content part (72) of the terminal report message (7).
10. Electronic terminal device (1) according to claim 1 or 2, wherein the controller (12) is configured to include text in the terminal report message (7).
11. A mobile communication device (2), the mobile communication device comprising: a telecommunications module (23) configured to communicate with a remote computer system via a mobile wireless network (10); and a radio communication module (21) configured to perform a bidirectional wireless data exchange with an electronic terminal device (1) via a direct wireless communication link (3) between the electronic terminal device (1) and the radio communication module (21); and a processor (22) connected to the telecommunications module (23) and the radio communication module (21);
wherein the processor (22) is configured to: -analysing a message addressing part (71) contained in a terminal report message (7) received from the electronic terminal device (1); -determining from the message addressing part (71) an information centre identifier (712) which determines the message centre (5) of the remote message processing system (5) responsible for processing terminal messages, and forwarding the message content part (72) of the terminal report message (7) to a backend system (6, 6') assigned to the electronic terminal device (1); generating a forward message (8) and transmitting the forward message to the remote message processing system (4) via the mobile radio network (10), the forward message (8) containing the message content part (82) of the terminal report message (7) and a forwarded message addressing part (81) having a backend system identifier 813 extracted from the terminal report message 7 and enabling the remote message processing system (5) to transmit the message content part (82) of the terminal report message (7) to the backend system (6, 6') assigned to the electronic terminal device (1).
12. The mobile communication device according to claim 11, wherein the processor (22) is further configured to transmit an authorization code to the electronic terminal device (1) via the direct wireless communication link (3) and to receive the terminal report message from the electronic terminal device (1) in response to the authorization code.
13. The mobile communication device according to claim 12, wherein the processor (22) is further configured to include the authorization code in the forwarded message (8).
14. The mobile communication device according to claim 11 or 12, wherein the processor (22) is further configured to show a text message contained in the received terminal report message (7) on a display of the mobile communication device (2).
15. The mobile communication device of claim 11 or 12, wherein the processor (22) is further configured to: receiving a backend response from the remote message processing system (5) in response to transmitting the forward message (8) to the remote message processing system (5); and transmitting the back-end response to the electronic terminal device (1) via the direct wireless communication link (3) in response to receiving the terminal report message received from the electronic terminal device (1).
16. A method of communicating between an electronic terminal device (1) and a backend system (6, 6') assigned to the electronic terminal device (1), the method comprising:
generating (S2) a terminal report message (7) in the electronic terminal device (1), the terminal report message (7) comprising a message content part (72) and a message addressing part (71), the message addressing part (71) comprising an information center identifier (712) determining a message center (5) of a remote message processing system (5) responsible for processing the terminal report message (7);
transmitting (S3) the terminal report message (7) from the electronic terminal device (1) to a mobile communication device (2) via a direct wireless communication link (3) between the electronic terminal device (1) and the mobile communication device (2);
determining (S4), in the mobile communication device (2), from the addressed part (71) of the terminal report message (7), an information center (5) of a remote message processing system (5) for forwarding the terminal report message (7);
generating (S5) a forward message (8) in the mobile communication device (2), the forward message (8) including the message content part (82) of the terminal report message (7) and a forwarded message addressing part (81), the forwarded message addressing part (81) having a backend system identifier (813) extracted from the terminal report message 7,
transmitting (S6) the forwarded message (8) from the mobile communication device (1) to the remote message processing system (5) via a mobile wireless network (10);
determining (S7), in the remote message processing system (5), from the forwarded message addressing portion (81), the backend system (6, 6') assigned to the electronic terminal device (1); and
transmitting (S8) the message content part (9) of the terminal report message (7) from the remote message processing system (5) to the backend system (6, 6').
17. The method of claim 16, further comprising: receiving (S0) an authorization code from the mobile communication device (2) via the direct wireless communication link (3) in the electronic terminal device (1); and generating (S2) the terminal report message (7) in the electronic terminal device (1) in response to the authorization code.
18. The method of claim 16 or 17, further comprising: receiving (S14), in the mobile communication device (1), a backend response from the remote message processing system (5) in response to transmitting (S6) the forward message (8) to the remote message processing system (5); and transmitting (S18) the backend response to the electronic terminal device (1) via the direct wireless communication link (3) in response to receiving (S3) the terminal report message received from the electronic terminal device (1).

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH1078/15 2015-07-23
CH01078/15A CH711351A1 (en) 2015-07-23 2015-07-23 Electronic access control and access control procedures.
PCT/EP2016/064570 WO2017012819A1 (en) 2015-07-23 2016-06-23 Electronic access control applying an intermediate

Publications (2)

Publication Number Publication Date
CN107852586A CN107852586A (en) 2018-03-27
CN107852586B true CN107852586B (en) 2021-04-02

Family

ID=53723962

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680037746.7A Active CN107852586B (en) 2015-07-23 2016-06-23 Electronic access control for application middle layer

Country Status (9)

Country Link
US (2) US10735917B2 (en)
EP (2) EP3326401B1 (en)
KR (1) KR102444700B1 (en)
CN (1) CN107852586B (en)
CA (1) CA2989255C (en)
CH (1) CH711351A1 (en)
DK (2) DK3703405T3 (en)
ES (2) ES2788156T3 (en)
WO (1) WO2017012819A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018213253A1 (en) * 2017-05-16 2018-11-22 Carrier Corporation Access control system with wireless communication
CH715441A1 (en) * 2018-10-09 2020-04-15 Legic Identsystems Ag Methods and devices for communicating between an internet of things device and a remote computing system.

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557349A (en) * 2009-05-26 2009-10-14 孙斌 Method and system for processing Internet data message
CN101588293A (en) * 2009-04-24 2009-11-25 常熟理工学院 Full IP communication interconnection system of Ad Hoc network and IPv6 network
CN101682546A (en) * 2007-04-13 2010-03-24 Hart通信基金会 Under process control environment with the wired and wireless mixed communication of field apparatus
CN103140880A (en) * 2011-03-24 2013-06-05 瑞科卢都有限公司 Standalone biometric authorization control device and method
CN103578169A (en) * 2013-11-19 2014-02-12 南京品佳科技开发有限公司 Intelligent informationized passive electronic lockset
US8769260B1 (en) * 2012-04-10 2014-07-01 Trend Micro Incorporated Messaging system with user-friendly encryption and decryption

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI106282B (en) * 1997-09-22 2000-12-29 Nokia Networks Oy A method and system for transmitting a short message over a telecommunications network
US7598872B2 (en) 2004-03-03 2009-10-06 Legic Identsystems Ag Method for recognizing identification media
US20060280181A1 (en) * 2005-05-17 2006-12-14 Ripcord Technologies, Inc. (A Delaware Corporation) Systems and methods for operating and management of RFID network devices
US20080095162A1 (en) * 2006-10-20 2008-04-24 Heru Khoe Communications system
WO2008069626A1 (en) * 2006-12-08 2008-06-12 Electronics And Telecommunications Research Institute Apparatus and method of generating wake-up signal in battery-powered passive tag
US7899873B2 (en) * 2008-05-20 2011-03-01 At&T Intellectual Property I, L.P. System and method of controlling a messaging system
US8619779B2 (en) * 2009-09-30 2013-12-31 Alcatel Lucent Scalable architecture for enterprise extension in a cloud topology
EP2437403B1 (en) 2010-09-30 2013-02-20 Legic Identsystems AG Detection of a contactless data storage device
US8831676B2 (en) * 2010-11-05 2014-09-09 Blackberry Limited Mobile communication device with subscriber identity module
EP2469478A1 (en) 2010-12-21 2012-06-27 9Solutions Oy Access control in location tracking system
FR2981823B1 (en) 2011-10-25 2013-12-27 Continental Automotive France METHOD FOR AUTHENTICATING AN IDENTIFICATION DEVICE AGAINST AN ACTUATOR DEVICE, AND A MOTOR VEHICLE COMPRISING SUCH AN ACTUATOR DEVICE
EP3637376B1 (en) * 2012-08-16 2021-10-27 Schlage Lock Company LLC Wireless reader system
US10271265B2 (en) * 2013-05-08 2019-04-23 Cellcontrol, Inc. Detecting mobile devices within a vehicle based on cellular data detected within the vehicle
US9455998B2 (en) * 2013-09-17 2016-09-27 Ologn Technologies Ag Systems, methods and apparatuses for prevention of relay attacks
EP2852118B1 (en) * 2013-09-23 2018-12-26 Deutsche Telekom AG Method for an enhanced authentication and/or an enhanced identification of a secure element located in a communication device, especially a user equipment
US20150334070A1 (en) * 2013-12-09 2015-11-19 Jeffrey N. Dinardo, JR. Send2Mobile Cloud System

Also Published As

Publication number Publication date
US11445337B2 (en) 2022-09-13
EP3326401B1 (en) 2020-02-12
ES2931507T3 (en) 2022-12-30
EP3326401A1 (en) 2018-05-30
CA2989255C (en) 2021-04-20
EP3703405B1 (en) 2022-09-07
CA2989255A1 (en) 2017-01-26
KR20180034448A (en) 2018-04-04
DK3703405T3 (en) 2022-11-28
KR102444700B1 (en) 2022-09-16
WO2017012819A1 (en) 2017-01-26
CH711351A1 (en) 2017-01-31
CN107852586A (en) 2018-03-27
US10735917B2 (en) 2020-08-04
DK3326401T3 (en) 2020-05-04
EP3703405A1 (en) 2020-09-02
ES2788156T3 (en) 2020-10-20
US20180213370A1 (en) 2018-07-26
US20200329350A1 (en) 2020-10-15

Similar Documents

Publication Publication Date Title
US10089807B2 (en) Electronic access control device and access control method
US11445337B2 (en) Electronic access control applying an intermediate

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant